
Conference paper

dc.creator: Márquez Trujillo, Antonio Germán [es]
dc.creator: Galindo Duarte, José Ángel [es]
dc.creator: Varela Vaca, Ángel Jesús [es]
dc.creator: Gómez López, María Teresa [es]
dc.creator: Benavides Cuevas, David Felipe [es]
dc.date.accessioned: 2022-11-02T10:28:20Z
dc.date.available: 2022-11-02T10:28:20Z
dc.date.issued: 2022
dc.identifier.citation: Márquez Trujillo, A.G., Galindo Duarte, J.Á., Varela Vaca, Á.J., Gómez López, M.T. y Benavides Cuevas, D.F. (2022). Advisory: vulnerability analysis in software development project dependencies. En SPLC 2022: 26th ACM International Systems and Software Product Line Conference (99-102), Graz, Austria: ACM: Association for Computing Machinery.
dc.identifier.isbn: 978-1-4503-9206-8 [es]
dc.identifier.uri: https://hdl.handle.net/11441/138586
dc.description.abstract: Security has become a crucial factor in the development of software systems. The number of dependencies in software systems is becoming a source of countless bugs and vulnerabilities. In the past, the product line community has proposed several techniques and mechanisms to cope with the problems that arise when dealing with variability and dependency management in such systems. In this paper, we present Advisory, a solution that allows automated dependency analysis for vulnerabilities within software projects based on techniques from the product line community. Advisory first inspects software dependencies, then generates a dependency graph, to which security information about vulnerabilities is attributed and translated into a formal model, in this case, based on SMT. Finally, Advisory provides a set of analysis and reasoning operations on these models that allow extracting helpful information about the location of vulnerabilities of the project configuration space, as well as details for advising on the security risk of these projects and their possible configurations. [es]
dc.description.sponsorship: Ministerio de Ciencia e Innovación PID2020-112540RB-C44 (AETHER-US) [es]
dc.description.sponsorship: Junta de Andalucía P20-01224 (COPERNICA) [es]
dc.description.sponsorship: Junta de Andalucía METAMORFOSIS (US-1381375) [es]
dc.format: application/pdf [es]
dc.format.extent: 4 [es]
dc.language.iso: eng [es]
dc.publisher: ACM: Association for Computing Machinery [es]
dc.relation.ispartof: SPLC 2022: 26th ACM International Systems and Software Product Line Conference (2022), pp. 99-102.
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 Internacional [*]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/4.0/ [*]
dc.subject: Software project [es]
dc.subject: Library [es]
dc.subject: Dependency [es]
dc.subject: Vulnerability [es]
dc.subject: CVE [es]
dc.subject: Security [es]
dc.subject: Verification [es]
dc.subject: Risk [es]
dc.subject: Impact [es]
dc.title: Advisory: vulnerability analysis in software development project dependencies [es]
dc.type: info:eu-repo/semantics/conferenceObject [es]
dcterms.identifier: https://ror.org/03yxnpp24
dc.type.version: info:eu-repo/semantics/submittedVersion [es]
dc.rights.accessRights: info:eu-repo/semantics/openAccess [es]
dc.contributor.affiliation: Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos [es]
dc.relation.projectID: PID2020-112540RB-C44 (AETHER-US) [es]
dc.relation.projectID: P20-01224 (COPERNICA) [es]
dc.relation.projectID: METAMORFOSIS (US-1381375) [es]
dc.relation.publisherversion: https://dl.acm.org/doi/10.1145/3503229.3547058 [es]
dc.identifier.doi: 10.1145/3503229.3547058 [es]
dc.contributor.group: Universidad de Sevilla. TIC-258: Data-centric Computing Research Hub [es]
dc.publication.initialPage: 99 [es]
dc.publication.endPage: 102 [es]
dc.eventtitle: SPLC 2022: 26th ACM International Systems and Software Product Line Conference [es]
dc.eventinstitution: Graz, Austria [es]
dc.relation.publicationplace: New York, USA [es]
dc.contributor.funder: Ministerio de Ciencia e Innovación (MICIN). España [es]
dc.contributor.funder: Junta de Andalucía [es]

Files | Size | Format | View | Description
3503229.3547058.pdf | 928.5Kb | PDF | View/Open |

Except where otherwise noted, this item's license is described as: Attribution-NonCommercial-NoDerivatives 4.0 Internacional